Source-Changes-HG archive


[src/netbsd-8]: src/sys Pull up following revision(s) (requested by maxv in t...



details:   https://anonhg.NetBSD.org/src/rev/66f56d6df138
branches:  netbsd-8
changeset: 851015:66f56d6df138
user:      snj <snj%NetBSD.org@localhost>
date:      Mon Sep 11 05:13:45 2017 +0000

description:
Pull up following revision(s) (requested by maxv in ticket #256):
        sys/arch/i386/conf/GENERIC: revision 1.1159 via patch
        sys/arch/i386/conf/XEN3_DOMU: revision 1.78 via patch
        sys/arch/i386/conf/XEN3_DOM0: revision 1.114 via patch
        sys/kern/kern_exec.c: 1.443-1.444 via patch
Disable svr4 and ibcs2 by default.
These options are not well-tested, of a limited use case, and the potential
for damage is too high. Vulnerabilities were presented at DEFCON 25 - I see
that at least one of them can be exploited to get ring0 privileges.
--
Remove compat_freebsd from the list of autoloaded modules. Interested users
will now have to type 'modload' to use it, or uncomment the entry in
GENERIC. I should have removed it when I disabled COMPAT_FREEBSD by
default, sorry about that.
--
Remove compat_svr4, compat_svr4_32 and compat_ibcs2 from the list of
autoloaded modules. These options are disabled everywhere (except ibcs2
on Vax, but Vax does not support kernel modules, so doesn't matter),
therefore there is no issue in removing them from the list. Interested
users will now have to do a 'modload' first, or uncomment the entries in
GENERIC.

diffstat:

 sys/arch/i386/conf/GENERIC   |  6 +++---
 sys/arch/i386/conf/XEN3_DOM0 |  4 ++--
 sys/arch/i386/conf/XEN3_DOMU |  4 ++--
 sys/kern/kern_exec.c         |  6 ++----
 4 files changed, 9 insertions(+), 11 deletions(-)

diffs (90 lines):

diff -r 25ac05761212 -r 66f56d6df138 sys/arch/i386/conf/GENERIC
--- a/sys/arch/i386/conf/GENERIC        Mon Sep 11 04:58:44 2017 +0000
+++ b/sys/arch/i386/conf/GENERIC        Mon Sep 11 05:13:45 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.1156.2.5 2017/08/31 08:41:33 bouyer Exp $
+# $NetBSD: GENERIC,v 1.1156.2.6 2017/09/11 05:13:45 snj Exp $
 #
 # GENERIC machine description file
 #
@@ -22,7 +22,7 @@
 
 options        INCLUDE_CONFIG_FILE     # embed config file in kernel binary
 
-#ident         "GENERIC-$Revision: 1.1156.2.5 $"
+#ident         "GENERIC-$Revision: 1.1156.2.6 $"
 
 maxusers       64              # estimated number of users
 
@@ -145,7 +145,7 @@
 
 options        COMPAT_OSSAUDIO # OSS (Voxware) audio driver compatibility
 #options       COMPAT_SVR4     # binary compatibility with SVR4
-options        COMPAT_IBCS2    # binary compatibility with SCO and ISC
+#options       COMPAT_IBCS2    # binary compatibility with SCO and ISC
 options        COMPAT_LINUX    # binary compatibility with Linux
 #options       COMPAT_FREEBSD  # binary compatibility with FreeBSD
 #options       COMPAT_NDIS     # NDIS network driver
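
Review bot: The COMPAT_IBCS2 line commented out at -145 keeps its old one-line description and gives no hint why it is now off. A short comment next to it, saying the option is disabled by default and that the module has to be loaded with 'modload', would keep someone from re-enabling it casually. COMPAT_SVR4 is already commented out in the context of this hunk, so on this branch only ibcs2 changes state, while the log message reads "Disable svr4 and ibcs2 by default"; the message could say that svr4 was already disabled here.
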
diff -r 25ac05761212 -r 66f56d6df138 sys/arch/i386/conf/XEN3_DOM0
--- a/sys/arch/i386/conf/XEN3_DOM0      Mon Sep 11 04:58:44 2017 +0000
+++ b/sys/arch/i386/conf/XEN3_DOM0      Mon Sep 11 05:13:45 2017 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: XEN3_DOM0,v 1.112.4.4 2017/08/31 08:41:33 bouyer Exp $
+#      $NetBSD: XEN3_DOM0,v 1.112.4.5 2017/09/11 05:13:45 snj Exp $
 #
 #      XEN3_0: Xen 3.0 domain0 kernel
 
@@ -98,7 +98,7 @@
 
 options        COMPAT_OSSAUDIO # OSS (Voxware) audio driver compatibility
 #options       COMPAT_SVR4     # binary compatibility with SVR4
-options        COMPAT_IBCS2    # binary compatibility with SCO and ISC
+#options       COMPAT_IBCS2    # binary compatibility with SCO and ISC
 options        COMPAT_LINUX    # binary compatibility with Linux
 #options       COMPAT_FREEBSD  # binary compatibility with FreeBSD
 options        COMPAT_BSDPTY   # /dev/[pt]ty?? ptys.
diff -r 25ac05761212 -r 66f56d6df138 sys/arch/i386/conf/XEN3_DOMU
--- a/sys/arch/i386/conf/XEN3_DOMU      Mon Sep 11 04:58:44 2017 +0000
+++ b/sys/arch/i386/conf/XEN3_DOMU      Mon Sep 11 05:13:45 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: XEN3_DOMU,v 1.77.2.3 2017/08/31 08:41:33 bouyer Exp $
+# $NetBSD: XEN3_DOMU,v 1.77.2.4 2017/09/11 05:13:45 snj Exp $
 
 include        "arch/xen/conf/std.xen"
 
@@ -82,7 +82,7 @@
 
 options        COMPAT_OSSAUDIO # OSS (Voxware) audio driver compatibility
 #options       COMPAT_SVR4     # binary compatibility with SVR4
-options        COMPAT_IBCS2    # binary compatibility with SCO and ISC
+#options       COMPAT_IBCS2    # binary compatibility with SCO and ISC
 options        COMPAT_LINUX    # binary compatibility with Linux
 #options       COMPAT_FREEBSD  # binary compatibility with FreeBSD
 options        COMPAT_BSDPTY   # /dev/[pt]ty?? ptys.
diff -r 25ac05761212 -r 66f56d6df138 sys/kern/kern_exec.c
--- a/sys/kern/kern_exec.c      Mon Sep 11 04:58:44 2017 +0000
+++ b/sys/kern/kern_exec.c      Mon Sep 11 05:13:45 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_exec.c,v 1.442.4.1 2017/08/31 08:41:33 bouyer Exp $       */
+/*     $NetBSD: kern_exec.c,v 1.442.4.2 2017/09/11 05:13:45 snj Exp $  */
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -59,7 +59,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.442.4.1 2017/08/31 08:41:33 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.442.4.2 2017/09/11 05:13:45 snj Exp $");
 
 #include "opt_exec.h"
 #include "opt_execfmt.h"
@@ -578,8 +578,6 @@
                "exec_coff",
                "exec_ecoff",
                "compat_aoutm68k",
-               "compat_freebsd",
-               "compat_ibcs2",
                "compat_linux",
                "compat_linux32",
                "compat_netbsd32",
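
Review bot: The log message says compat_svr4, compat_svr4_32 and compat_ibcs2 are removed from the autoload list, but the hunk at -578 deletes only "compat_freebsd" and "compat_ibcs2", and the diffstat for kern_exec.c (2 insertions, 4 deletions) leaves no room for further removals. Please confirm that the svr4 entries are already absent from this list on netbsd-8; if they are still present further down, an exec of such a binary would continue to autoload the module and the stated goal is not met. A comment above the list saying that disabled-by-default compat modules must not be added back would also help.
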


